CRITICAL
Activerecord Project
CVE published 2022-12-05
CVE-2022-32224
CVE-2022-32224 is a critical vulnerability in Active Record YAML serialized columns that can escalate to remote code execution if an attacker can manipulate data in the database. NVD lists the issue as CVSS 3.1 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), with affected versions including Active Record < 7.0.3.1, < 6.1.6.1, < 6.0.5.1, and < 5.2.8.1.